1. Healthcare organizations are under strict compliance with HIPAA privacy requirements, which require that an organization have proper security controls for handling personal healthcare information (PHI) privacy data. This includes security controls for the IT infrastructure handling PHI privacy data. Which one of the listed risks, threats, or vulnerabilities can violate HIPAA privacy requirements? List one and justify your answer in one or two sentences.

a. Hacker penetrates your IT infrastructure and gains access to your internal network. If a hacker gains access to your network, they will potentially have access to patient files or other sensitive information that is under the HIPAA guidelines.

2. How many threats and vulnerabilities did you find that impacted risk within each of the seven domains of a typical IT...

...Lab 6
1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities?
It is important to prioritize because you must be aware of what risks, threats, and vulnerabilities there are to your infrastructure. You need this so that you know where the most attention needs to be focused.
2. Based on your executive summary produced in Lab #4 Perform a Qualitative Risk Assessment for an IT infrastructure, what was the primary focus of your message to executive management?
Setting up security measures through various means includes the following:
Forcing users to update password every X number of days.
Educating the users.
Firewalls - Anti-malware
3. Given the scenario for your IT risk mitigation plan, what influence did your scenario have on prioritizing your identified risks, threats, and vulnerabilities?
Common things such as user activity can be a very big risk, so your best bet is to consider all options as potential threats. You will have to rank some risks higher than others.
4. What risk mitigation solutions do you recommend for handling the following risk element?
A user inserts a CD or USB hard drive with personal photos, music, and videos on organization-owned computers.
Use a good antivirus program and have all devices scanned as soon as they are plugged in. Educate employees. Disable optical drives/USB ports.
5. What is a security baseline definition?
A baseline is...

...1. Healthcare is under strict HIPAA privacy requirements, which require that an organization have proper security controls for handling personal healthcare information (PHI) privacy data. This includes security controls for the IT infrastructure handling PHI privacy data. Which one of the listed risks, threats, or vulnerabilities can violate HIPAA privacy requirements? List one and justify your answer in one or two sentences.
Hacker penetrates your IT infrastructure and gains access to your internal network – If a hacker is able to penetrate your internal network, he has the potential to gain access to patient files or other private data that is covered under HIPAA guidelines.
2. How many threats and vulnerabilities did you find that impacted risk within each of the seven domains of a typical IT infrastructure?
a. User Domain: 2
b. Workstation Domain: 5
c. LAN Domain: 7
d. LAN-to-WAN Domain: 2
e. WAN Domain: 2
f. Remote Access Domain: 2
g. System/Application Domain: 1
3. Which domain(s) had the greatest number of risks, threats, and vulnerabilities?
LAN Domain
4. What is the risk impact or risk factor (critical, major, minor) that you would qualitatively assign to the risks, threats, and vulnerabilities you identified for the LAN-to-WAN Domain for the healthcare and HIPAA compliance scenario?
I would consider them both minor for the most part. Unless performance becomes a work stoppage, both...

...Exercise 1:
Dissolved oxygen is oxygen that is trapped in a fluid, such as water. Since virtually every living organism requires oxygen to survive, it is a necessary component of water systems such as streams, lakes and rivers in order to support aquatic life. The dissolved oxygen is measured in units of ppm, or parts per million. Examine the data in Table 2 showing the amount of dissolved oxygen present and the number of fish observed in the body of water the sample was taken from; finally, answer the questions below.
Table 2: Water quality vs. fish population
1. Based on the information in Table 2, what patterns do you observe?
The more dissolved oxygen in the water, the more fish are observed in that area of water.
2. Develop a hypothesis relating to the amount of dissolved oxygen measured in the water sample and the number of fish observed in the body of water.
If there is more dissolved oxygen in the water, there will be more fish observed in the area of water.
3. What would your experimental approach be to test this hypothesis?
To test the hypothesis I would do the same to get the results on the table. Test the oxygen in different areas of the water and keep track of the amount of fish in the area to later compare the results.
4. What are the independent and dependent variables?
Independent Variable- Dissolved Oxygen
Dependent- Fish
5. What would be your control?
In this experiment I don’t believe...

...1. The goal or objective of an IT risk assignment is to remove a hazard or reduce the level of its risk by adding precautions or control measures, as necessary.
2. The reason why it’s so hard to conduct a qualitative risk assessment is because no one is going to take the time to take the value of everything in the company; the greatest valued items have to be discussed with someone usually in a higher power, and it is hard to tell what has the most valued risk at that time in the company due to changes in the company.
3. In regards to assigning “1” risk impact/risk factor value of “critical” for an identified risk, threat, and vulnerability is the cost of total loss of hardware for both primary and backup systems for data for the entire company.
4. I prioritized the 1, 2, and 3 risk elements by greatest impact to the company for both a cost value and for the means to get the company back to working order. What I would say to an executive is that the cost of value to your company is greatest when your system is compromised on hardware that has the most valued data within the company and when backup is down long enough to the point of no return.
5. Identify risk mitigation solutions
User downloads and clicks on an unknown e-mail attachment: Effective email attachment filtering and restrictions reduce the likelihood of malicious content entering the network.
Workstation OS has a known software vulnerability: either update the...

...Lab1: Observation of Chemical Changes
Name: Tyler Lee
Lab Partners: none
Date of Experiment: Feb 26 2015
Location: My House
Course Number: CHE111
Abstract:
The point of this lab was to test and observe chemical changes when mixing chemicals together and also through heating chemicals.
Experiment and Observations:
The experiment performed in the first part of this lab was to mix various chemical solutions together and then observe and record the chemical changes, also if a chemical change occurred at all. This was very interesting to me since some of the chemicals I thought were going to react didn’t, while some I thought were going to have no change suddenly changed color or texture.
The observations I made were recorded with the lab manual data table 1 as a guide as to which chemicals to use. A total of eight chemicals were mixed together on this part.
The experiment performed in the second part of the lab was heating 4 different chemical substances (s) and observing the changes made to them. Also determining if a chemical change had occurred. One test was performed with the substances in the tubes and another with the chemicals outside of the tubes and over the open flame.
The observations I made were recorded in the data table 2 and located in the questions section of this lab report.
Data Table 2
Chemical
Initial...

...IS3110
Unit 2 Lab #2
1. From the identified threats & vulnerabilities from Lab #1 (list at least 3 and no more than 5), High/Medium/Low Nessus Risk Factor Definitions for Vulnerabilities:
a. Hacker penetrates your IT infrastructure and gains access to your internal network (High risk)
b. Workstation OS has known software vulnerabilities
c. Unauthorized access to organization owned workstations
d. Denial of service attack on organization e-mail Server
e. Unauthorized access from public Internet
2. For the above identified threats and vulnerabilities, which of the following COBIT PO9 Risk Management control objectives are affected? If Yes or No, explain why.
PO9.1 IT Risk Management Framework - Yes, because if a hacker were to access the network and expose a vulnerability in software or the company’s network, it would potentially lead to PPI and/or company secrets being leaked.
PO9.2 Establishment of Risk Context - Yes, the company needs to have this so that if something were to happen, they will have a guideline as to what course of action to take to reduce this risk.
PO9.3 Event Identification - Yes, there needs to be a list of all incidents that happen within the company, kept on file for future reference and to keep compliance with all the policies that are required to be followed.
PO9.4 Risk Assessment - Yes, this will help the company identify what issues they could possibly have with the company. The...

...
1. Define an SLA and state why it is required in a risk-averse organization? (Pg. 254)
Service level agreement (SLA): A document that identifies an expected level of performance. It identifies the minimum uptime and the maximum downtime. An SLA identifies monetary penalties, stating that if, specifically, the downtime is four hours, then after those hours of downtime there will be penalties and fees. This can also be related to the MAO. Less downtime will mean more cost, but with that extra cost there should be less downtime. Employees don’t have an SLA in an IT department but do play a role in it. If their service begins to fail and it fails for too long, it will affect the mission.
2. Using the user domain, define risks associated with users and explain what can be done to mitigate them?
Social engineering - Where users can be conned into giving up secrets or information, or performing unsafe actions.
Corporate espionage - Information can be used as a success or a fail. You either hit or you miss when acquiring the right information. Blackmail, for instance, ties in to the subject of espionage, because you can use the personal information of a user to acquire data and information for a company they are working for.
The best way to address those issues is to implement acceptable use policies (AUP) to ensure users know what they should and shouldn’t be doing. Use logon banners to remind users of the AUP. Be sure to send out occasional emails with tidbits to keep security...